1167066 - No sound WebRTC audio for sites that don't use perfect forward secrecy

Status: RESOLVED WONTFIX

(Core :: WebRTC: Audio/Video, defect)

Description

[Alice0775 White]

When I test Bug 1166937, I notice the problem

This does not heppen on 39.0.

Steps To Reproduce:
1) Connect to a phone conference bridge via WebRTC/JsSIP using the following url demo which is provided by Bug 1166937's author.
http://www.felonyflats.com/ffdemo/

2) After allowing browser access to the microphone, you will connect to the conference, hear an audio message about an invalid conference ID, then be disconnected.

Actual Results:
No sound

Expected Results:
An audio message should be playing

Comment 1

[Alice0775 White]

Pushlog:
https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=87fe5bc1233f&tochange=47d9e690f4a9

Triggered by:
47d9e690f4a9	Martin Thomson — Bug 1052610 - Disabling non-PFS cipher suites, r=ekr


Fixed range in beta channel(38beta cycle)
https://hg.mozilla.org/releases/mozilla-beta/pushloghtml?fromchange=d133698337aa&tochange=286ae47a6018

Fixed by(38beta cycle))
d10817faa571	Martin Thomson — Bug 1158343 - Temporarily enable TLS_RSA_WITH_AES_128_CBC_SHA for WebRTC. r=ekr, a=sledru

Comment 2

[Alice0775 White]

[Tracking Requested - why for this release]:

Comment 3

[jen strickland :jenstrickland]

Tracking enabled, since this appears to be a regression issue.

Comment 4

[Martin Thomson [:mt:]]

This is not a tracking issue.  We announced this change https://hacks.mozilla.org/2015/02/webrtc-requires-perfect-forward-secrecy-pfs-starting-in-firefox-38/ but made a temporary allowance for 38 to give sites another cycle to adjust.

Comment 5

[Liz Henry (:lizzard) (privacy/fingerprinting team)]

Martin, does this mean people will only see/notice this behavior for the first time in 39?  

In that case, what do you think about writing a release note explaining that it's a known issue?  Or relnoting it as a security fix. Maire, what do you think?

Comment 6

[Martin Thomson [:mt:]]

This has been on pre-release channels for ages now.  And we always encourage WebRTC developers to use Nightly or Aurora because things are still in flux.  It shouldn't be a surprise (though for some, inevitably, it will be).

Release notes seem appropriate though.

WebRTC now requires perfect forward secrecy [https://bugzilla.mozilla.org/show_bug.cgi?id=996237, https://hacks.mozilla.org/2015/02/webrtc-requires-perfect-forward-secrecy-pfs-starting-in-firefox-38/

Comment 7

[Liz Henry (:lizzard) (privacy/fingerprinting team)]

Release Note Request (optional, but appreciated)
[Why is this notable]: This will be noticeable on release for the first time. 
[Suggested wording]: WebRTC now requires perfect forward secrecy 
[Links (documentation, blog post, etc)]: https://hacks.mozilla.org/2015/02/webrtc-requires-perfect-forward-secrecy-pfs-starting-in-firefox-38/

This isn't an ideal bug to inspire this release note, but it's also a little unclear which would be better. Maybe bug 1158343, where there are some notes on issues with Facebook.

Comment 8

[Liz Henry (:lizzard) (privacy/fingerprinting team)]

Martin, if bug 1158343 temporarily re-enabled this, where was this undone?  What bug number?
We should probably follow up to test if Facebook fixed what we thought they might have by now.

Comment 9

[Maire Reavy [:mreavy]]

Liz and I talked on IRC; we've communicated this a bunch, and we'll relnote it.

Comment 10

[Martin Thomson [:mt:]]

Liz, bug 1158343 was a selective uplift only, backing out one change for 38 only.  Later branches didn't receive the fix.  There's no code change required to keep 39+ on PFS-only.

Comment 11

[Kate Glazko]

Wontfix since FF only supports sites that use PFS for WebRTC.

Comment 12

[Ritu Kothari (:ritu) (Inactive, please n-i to RyanVM, jcristau, or pascal)]

Release note added to Firefox 41.0a2